<?php
include("db_fxn.php");
function register($username, $email, $password)
// register new person with db
// return true or error message
{
	// connect to db
	$conn = db_connect();
	
	// check if username is unique
	$result = $conn->query("select * from user where username='$username'");
	if (!$result)
		throw new Exception('Could not execute query');
	if ($result->numrows()>0)
		throw new Exception('That username is taken '.'- go back and choose another one.') ;
	// if ok, put in db
	$result = $conn->query("insert into user values	('$username', sha1('$password'), '$email')");
	if (!$result)
		throw new Exception('Could not register you in database '.'- please try again later.');
	return true;
}

function login($username, $password)
// check username and password with db
// if yes, return true
// else throw exception
{
	// connect to db
	$conn = db_connect();
	// check if username is unique
	$result = $conn->query("select * from user where username='$username' and passwd = sha1('$password')");
	//echo '@@@@@@@@ Number of Rows: '.$result->numrows();
	if (!$result)
		throw new Exception('Login error, we could not log you in.');
	if ($result->numrows()>0)
		return true;
	else
		throw new Exception('Login error, we could not log you in.');
}

function check_valid_user()
// see if somebody is logged in and notify them if not
{
	if (isset($_SESSION['valid_user']))
	{
		return true;
	}
	else{
		return false;
	}
}

function change_password($username, $old_password, $new_password)
// change password for username/old_password to new_password
// return true or false
{
	// if the old password is right
	// change their password to new_password and return true
	// else throw an exception
	login($username, $old_password);
	$conn = db_connect();
	$result = $conn->query( "update user set passwd = sha1('$new_password') where username = '$username'");
	if (!$result)
		throw new Exception('Password could not be changed.');
	else
		return true; // changed successfully
}

function reset_password($username)
// set password for username to a random value
// return the new password or false on failure
{
	// get a random dictionary word b/w 6 and 13 chars in length
	$new_password = get_random_word(6, 13);
	if($new_password==false)
		throw new Exception('Could not generate new password.');
	
	// add a number between 0 and 999 to it
	// to make it a slightly better password
	srand ((double) microtime() * 1000000);
	$rand_number = rand(0, 999);
	$new_password .= $rand_number;
	
	// set user's password to this in database or return false
	$conn = db_connect();
	$result = $conn->query( "update user set passwd = sha1('$new_password') where username = '$username'");
	if (!$result)
		throw new Exception('Could not change password.'); // not changed
	else
		return $new_password; // changed successfully
}

function get_random_word($min_length,$max_length)
{
	$word="1234567";
	
	return $word;	
}

function notify_password($username, $password)
// notify the user that password has been changed
{
	$conn = db_connect();
	$result = $conn->query("select email from user	where username='$username'");
	if (!$result)
	{
		throw new Exception('Could not find email address.');
	}
	else if ($result->numrows()==0)
	{
		throw new Exception('Could not find '.' email address.'); // username not in db
	}
	else
	{
		$row = $result->fetch_object();
		$email = $row->email;
		$from = "From: support@phpbookmark \r\n";
		$mesg = "Your PHPbookmark password has been changed to $password \r\n"."Please change it next time you log in. \r\n";
		if (mail($email, 'PHPbookmark login information', $mesg, $from))
			return true;
		else
			throw new Exception('Could not send email.');
	}
}

function validate_form() 
{
	$errors = array();
	if (($_FILES['userfile']['error'] == UPLOAD_ERR_INI_SIZE)||($_FILES['userfile']['error'] == UPLOAD_ERR_FORM_SIZE)) {
		$errors[] = 'Uploaded file is too big.';
	} elseif ($_FILES['userfile']['error'] == UPLOAD_ERR_PARTIAL) {
		$errors[] = 'File upload was interrupted.';
	} elseif ($_FILES['userfile']['error'] == UPLOAD_ERR_NO_FILE) {
		$errors[] = 'No file uploaded.';
	}
	return $errors;
}
?>